Bluetooth: check L2CAP info_rsp ident and state

Information requests/responses are unbound to L2CAP channel. Patch fixes issue arising when two devices connects at the same time to each other. This way we do not process out of the context messages. We are safe dropping info_rsp since info_timer is left running. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

Bluetooth: check L2CAP info_rsp ident and state
Information requests/responses are unbound to L2CAP channel. Patch fixes issue arising when two devices connects at the same time to each other. This way we do not process out of the context messages. We are safe dropping info_rsp since info_timer is left running. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
e90165be · Andrei Emeltchenko · Gustavo F. Padovan · d1010240 · e90165be
Commit e90165be authored Mar 25, 2011 by Andrei Emeltchenko Committed by Gustavo F. Padovan Mar 31, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

net/bluetooth/l2cap_core.c net/bluetooth/l2cap_core.c +5 -0

No files found.
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -2461,6 +2461,11 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
 	BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
+	/* L2CAP Info req/rsp are unbound to channels, add extra checks */
+	if (cmd->ident != conn->info_ident ||
+			conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
+		return 0;
 	del_timer(&conn->info_timer);
 	if (result != L2CAP_IR_SUCCESS) {